PRIVACY POLICY OF “KLINIKA DZINTARI” LTD
In order to ensure the economic activity of “Klīnika Dzintari” Ltd. as a service provider and employer, legal interests and compliance with regulatory acts, it is necessary for “Klīnika Dzintari” Ltd. to process personal data of customers/patients and employees. “Klīnika Dzintari” Ltd. has developed this Privacy Policy (hereinafter – the Policy) in order to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and the free transfer of such data circulation and which repeals Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation) to explain in a transparent and comprehensible manner the activities performed by “Klīnika Dzintari” Ltd. as a service provider and employer with the client/patient and employee to personal data, providing information on the purpose of data processing, legal basis, duration of processing, recipients of personal data, as well as the rights of customers/patients and employees in connection with personal data processing.1. Terms usedThe definitions of the terms used in the policy follow from Article 4 of the Regulation:
1.1. Personal data – any information relating to an identifiable or identified natural person, including, but not limited to: name, surname, personal identification number, correspondence address, telephone number, e-mail address, as well as special categories of personal data – all types of information in relation to a person’s state of health, religious, philosophical beliefs, trade union membership, race or ethnicity, political views, genetic or biometric data, if used for identification;
1.2. Manager – “Klīnika Dzintari” Ltd., unified registration no. 40003461335, legal address Jūrmala, Mežsargu street 4/6, LV-2008, telephone number: +371 67755140, e-mail address: dzintari@dzintari.lv (hereinafter – Clinic or Us);
1.3. Data subject – natural person who can be directly or indirectly identified and whose personal data is processed. Clients/patients and employees within the meaning of this Policy who are natural persons and who use the Clinic’s services, potential clients, natural persons who have not established a relationship with the Clinic and who are interested in the terms and/or costs of the Clinic’s services, former clients/patients, representatives of customers/patients, including contact persons and legal representatives, job candidates, current and former employees, persons present in the facilities or in the areas adjacent to them, users of information systems and websites, owners of real estate necessary for the provision of services, representatives of owners, natural persons involved in marketing activities (for example, in contests, promotions), as well as other physical persons whom the Clinic cannot currently identify, (hereinafter all together – You or the Client);
1.4. Recipient of personal data – natural or legal person, public institution, agency or other body to which personal data is or may be disclosed;
1.5. Data protection specialist – a person whose task is to inform and advise the Clinic and its Clients on the fulfillment of personal data protection requirements. In the event that the Customer wishes to contact the Data Protection Specialist, including to inquire about his rights as a Data Subject, he may use the address or means of communication specified in Clause 1.2 of the Policy.
2. Applicability of Privacy Policy2.1. The policy applies to ensure the protection of privacy and personal data in relation to:2.1.1. for natural persons – customers, patients and other recipients of services, employees, as well as third parties who, in connection with the provision of services to a natural person (patient, client), receive or transfer any information to the Clinic (including contact persons, payers, etc.);2.1.2. Visitors to the clinic office and other premises, including those for which video surveillance is carried out;2.1.3. Website maintained by the clinic for users.2.2. The policy applies to data processing regardless of the form in which the data is provided and processed.2.3. The clinic may set additional rules for certain types of data processing, which you will be informed about when you provide the relevant data.
3. Purposes (objectives) of personal data processing
3.1. To ensure the provision of services:3.1.1. in order to provide you with services and ensure the conclusion of contracts related to the provision of services (e.g. for identifying customers, communicating in matters related to the provision of services, conducting examinations and providing healthcare services, providing accommodation services), the following personal data of yours will be processed: identification data, contact information, service information, medical information, examinations, results, information about the contract, contact and specialist data of cooperation partners (e.g. data of medical institution specialists), health insurance policy and its number (if any), service code and name, signature, other unclassified and voluntarily provided data;3.1.2. for monitoring the execution of settlements, ensuring accounting measures, as well as for the purpose of preventing potential financial and organizational risks, in addition We will process your settlement information, which reflects the services received and their payment;3.1.3. in order for Us to defend our violated legal interests (e.g. by applying to court to recover a debt for the services received), in addition to the aforementioned, we will process legal proceedings information;3.1.4. in order to ensure the quality of services, for the provision of record-keeping measures, including archiving of information, as well as for consideration of customer submissions, requests, claims, and other types of communication, in addition We will process information contained in communication materials (e.g. correspondence), video recordings (personal image, appearance, behavior , actions taken), any other information that the data subject (You) will have indicated, information about the question under consideration and the answer provided;3.1.5. in order to provide you with important and up-to-date information about the services we provide, as well as to maintain the operation of the web pages, we will process information about the use of the website, the platform on which your device operates and the language of the device, the internet protocol address (if applicable).
3.2. For marketing and loyalty promotion:3.2.1. promotion of services and marketing activities (e.g. direct advertising aimed at the Client, collection of marketing statistics, analytics of service usage habits, etc.) are carried out for the purpose of promoting services, attracting and retaining customers. As part of this, We will process the following personal data of yours (depending on the specific event): identification information, information about the communication channels used, information about the opinion, information about the service, information about the use of web pages, information contained in communication materials (e.g. correspondence), contact information, social media information, etc. unclassified, project-specific information;3.2.2. in order for the communications provided by Us to be interesting and useful to You, We may use the information We have about You. Using the contact information provided by you, we also have the opportunity to reach you not only in the form of e-mails or text messages, but using the opportunities offered by digital marketing, also on other portals, applications (apps) or social networks that offer you the opportunity to reflect Our announcements (administration of commercial notices).
3.3. For the administration of corporate events:3.3.1. to ensure the organization of seminars and other events (including reception of visitors as part of events) and coverage in internal and external communication channels to ensure publicity, incl. in social networks, in order to inform the public about our activities, ensure the publicity of the organized events, as well as to promote social responsibility and improve representative relations, We process the following personal data of yours: identification data, information on access to premises and territory, contact information, photos, audio recordings, video recordings (image of a person (appearance, behavior, actions performed), recording time, date and recording location), other unclassified and voluntarily specified data or information, information specific to a specific project;3.3.2. organization and coverage of corporate and collective gathering events, etc. measures are taken to promote employee loyalty, motivation and collective cohesion. As part of the events, We process the following personal data: identification data, contact information, photographs, audio recordings, video recordings (personal image (appearance, behavior, actions performed), recording time, date and recording location), other unclassified and voluntarily specified data or information, for a specific project specific information;3.3.3. coverage of corporate events and preparation and presentation of informative publications on our administered websites, media and social network profiles (e.g. facebook.com, instagram.com, twitter.com, youtube.com) is done to promote the brand of the Clinic and the service offered visibility in order to ensure public information about the Clinic’s commercial activities, as well as to save information about events in Our archive. When choosing to publish some information, the clinic always tries to ensure that the published materials do not violate your rights and freedoms as a data subject. We respect your right to the inviolability of private life, while we are aware that we may not know all the facts and circumstances of the possible impact, therefore, in order to ensure fair data processing, you have the right to contact us and object to the reflection of your personal data.
3.4. To ensure the protection of security and other legal interests:3.4.1. in order to avoid security risks that can cause both physical damage to Our premises, employees and other visitors, as well as damage to information by compromising what we have, We carry out regular supervision and monitoring of events in the premises and territories using the established access regime, as also information recorded in video surveillance recordings. Also, We regularly monitor the information technology infrastructure, saving information on those cases when someone connected or tries to connect to Our systems and infrastructure. As part of this, the following personal data may be processed: identification data and position, information on access to premises and territory, contact information, video recordings (personal image (appearance, behavior, actions performed), legal proceedings information, other information related to the specific case;3.4.2. In order to protect the safety of the Clinic, Clients and employees and other legal interests, We maintain audit records of information systems, information technology security incidents (e.g. in case of unauthorized external access), as well as any type of malicious activity on information systems, any websites or applications (e.g. DDoS attack) prevention and investigation, prevention and investigation of personal data processing violations (e.g. illegal access to premises), provision of information to state authorities and other persons (e.g. police). As part of this, the following personal data may be processed (but not limited to): authentication and access information to systems and their use, information on access to premises and territory, information necessary for the performance of job duties and the realization of the company’s legitimate interests, information contained in communication materials (e.g. correspondence) information, social media information and expressed opinion, other unclassified and voluntarily specified data or information that the data subject has indicated in the submission, request, claim, proposal.
3.5. To ensure the employee recruitment process:3.5.1. when you apply for a job at the Clinic, we have a legal interest in processing all the information you will have included in your CV and application letter, evaluating the information provided in it, organizing the negotiation procedure, conducting negotiations and providing evidence that supports the legal course of the relevant process. In case of disputes, the information obtained during the selection process may be used to reflect its legal process;3.5.2. in case you are invited to a job interview, we will process the information provided during the job interview, completed tests or other tests and data obtained as a result of assessments. If the job interview will take place using online communication tools, your audio and/or video recording may be additionally processed;3.5.3. if in accordance with the provisions of Article 36 of the Labor Law, you will be sent for a health examination, we will process the information obtained during the health examination to make sure that you have no obstacles to occupying the relevant position;3.5.4. We will also process information related to the organization of the selection process (e.g. information about whether we have contacted you, notes about the time and progress of a possible meeting).
3.6. For the establishment and execution of employment legal relations:3.6.1. in order to conclude an employment contract with you, it is necessary to process the following personal data: identification data (name, surname, personal code, contact information (address, e-mail address, phone number)), information about salary and education, and other special conditions, if any, which govern our relationship and which are reflected in the employment contract. In order to verify your identity, we will ask you to present an identity document (passport or identity card);3.6.2. in order to calculate and pay your salary, we process the following personal data: name, surname, personal code, position, information about the bank and account number, information about absence, reliefs for tax calculation, if any, information about business trips, their duration, due allowances, information on how much and what taxes have been calculated;3.6.3. in order to provide you with a safe and healthy working environment, in accordance with the requirements of regulatory acts, we will send you to mandatory health examinations and process the information included in the mandatory health examination card. To achieve this purpose, your personal data will be processed such as name, surname, personal identification number, specified risk factor, information provided by the occupational therapist on the conditions so that you can perform your work duties;3.6.4. in order to fulfill the requirements set out in the laws and regulations regarding the training of employees to ensure safe and harmless working conditions, we will conduct briefings (e.g. on labor protection and fire safety issues), during which the following personal data of yours may be processed: name, surname and other identifying information, position held, as well as information about the briefings;3.6.5. in order to ensure safe working conditions for you, it may be necessary to investigate accidents at work by processing the following data of yours: name, surname, personal identification number, residential address, length of service, position, contact information (phone, e-mail), information about the circumstances of the accident, the severity of the injury and other information that may be necessary to fully investigate the accident, including information recorded using video surveillance or photo recording;3.6.6. You may need to go on business trips in the course of your work duties. In this case, in order to organize a business trip (order air tickets, apply for accommodation, etc.), the following personal data of yours may be processed: name, surname, personal identification number, contact information, data of personal identification documents;3.6.7. in order to evaluate your performance and your individual work results, We may process your personal data, including but not limited to name, surname, position, information on quantitative, efficiency and qualitative indicators of work achievement, competences and skills, learning needs and information about your interaction with colleagues and clients;3.6.8. after concluding an employment contract, in order to ensure access to IT resources, a user profile will be created for you in the information systems by creating an e-mail address, a user password, and information about the used authentication tool will also be recorded. For you, while performing your daily work duties, We will obtain information that will reflect how you use the Clinic’s information systems, when and what actions you performed in the resources assigned to you. In the event that you connect to information systems using remote work options, information about the equipment you use and the Internet Protocol (IP) address will be processed;3.6.8. Your personal data may need to be processed, including transferred to third parties, to ensure the economic operation of the Clinic. For example, a power of attorney can be prepared, which will indicate your name, surname, personal identification number, as well as documents certifying your professional activity can be submitted to third parties. Your name, surname and contact information may be indicated in correspondence with other natural or legal persons, as well as in cooperation agreements, if you are indicated as a contact person, or published on the manager’s website.
3.7. To fulfill the requirements of regulatory acts or to exercise the Clinic’s rights in accordance with regulatory acts:3.7.1. for providing information to state and local government control and pre-trial investigation institutions, other state and local government institutions within their competence (e.g. police or archives);3.7.2. for requesting information from state institutions or other authorized persons about the Customer in cases where it is permitted by law.
4. Legal basis of processing4.1. a contract has been concluded or will be concluded between you and the Clinic (e.g. employment or service contract). In this case, we will process your personal data if they are necessary for the performance of the contract or for taking measures at your request before concluding the contract. In the event that you do not provide the personal data necessary for concluding and/or executing the contract, We will not be able to conclude and/or execute the contract;4.2. The processing of your personal data is necessary to fulfill the legal obligations applicable to the Clinic specified in the regulatory acts. We are obliged to ensure the provision of your information to state institutions and the information systems under their management (e.g. to comply with the management obligations of accounting documents, as well as to archive documents, to inform about the start of employment);4.3. the processing of personal data is necessary to respect the legitimate (lawful) interests of the Clinic or a third party. Legitimate interests are rights, the implementation of which is permissible in accordance with regulatory enactments, including in connection with the contract concluded between you and the Clinic (e.g. to prevent potential financial and organizational risks, to provide evidence of the legal conduct of the personnel selection process);4.4. You have given your consent to the processing of your personal data, including in writing, electronically, as well as by telephone or using other solutions (e.g. in relation to participation in surveys, the use of personal data collected through cookies);4.5. the processing of personal data is necessary for the Clinic to fulfill a task performed in the public interest.
5. Term of personal data processing5.1. Your personal data is processed for such a period of time as it is necessary to achieve the purposes of personal data processing specified in point 3, including fulfilling the obligations set out in the regulatory acts, e.g.:5.1.1. we will keep patients’ medical records for 40 years after the last record was made or 15 years after the patient’s death;5.1.2. we will keep the information submitted by job applicants for 6 months, or if a complaint is received about the relevant selection process, until the complaint is examined and fully resolved, or if the basis for personal data processing is consent, then until the withdrawal of consent;5.1.3. employment contracts will be kept for 90 years from the person’s birth;5.1.4. information about OVP will be stored for 10 years;5.1.5. we will keep information about issued invoices and information related to payments for no less than 5 years, in accordance with the provisions of the Accounting Law;5.1.6. we will keep video surveillance recordings for no longer than 14 days;5.1.7. as long as your consent to the processing of personal data, e.g. marketing activities or cookie processing, is valid,5.1.8. if a complaint is received or the Controller’s legal interest is violated (e.g. there is a dispute about the amount of services received), the relevant information may be stored until the issue is resolved (e.g. until the final court judgment enters into force).
6. Personal data is processed through cookies In order to improve the functionality of the Clinic’s web pages and adapt them to your usage habits, as well as to obtain statistics on the actions performed, provide a personalized user experience and inform you about current events, the Clinic’s website processes cookies. Necessary or functional cookies are processed to meet the legitimate interests of the Clinic, while statistical and marketing cookies are processed if you have given your consent to the processing of these cookies. Regarding the processing of personal data, which is carried out through cookies, detailed information is available in the Cookie Policy on the Clinic’s website.
7. Disclosure of personal data outside the European Union7.1. In some cases, the Clinic may transfer your personal data outside the European Union (e.g. when online communication tools such as WhatsApp, Skype or others are used) or data storage solutions that provide services outside the European Union, or by engaging third parties that assist the Clinic to perform the tasks of economic activity mentioned in the Policy and are located outside the European Union. For statistical and marketing purposes, the Clinic may also use third-party cookies (e.g. Google, Facebook), where the information generated by the cookies may be sent and stored outside the European Union.7.2. In each individual case, the clinic chooses the special personal data protection guarantees specified in the Regulation (e.g. standard clauses with the recipient of personal data or use exceptions, such as the need to fulfill the concluded contract or your consent to data processing).
8. Who will receive your personal data8.1. The processing of your personal data will be carried out by authorized employees of the Clinic, in accordance with the scope determined in their work duties, in compliance with the requirements set forth in personal data protection and other regulatory acts, as well as the personal data processing requirements set forth in the internal regulatory acts of the Clinic.8.2. We can transfer your personal data to the following recipients of personal data, if this does not contradict the applicable regulatory enactments (e.g. transfer personal data to processors (collaboration partners who provide the Clinic with support in providing services), with whom an agreement meeting the requirements of the Regulation has been concluded) :8.2.1. accommodation service providers;8.2.2. information systems consultants;8.2.3. advertising and marketing service providers, event organizers;8.2.4. legal service providers;8.2.5. real estate management and administration service providers;8.2.6. economic activity assurance service providers;8.2.7. printing service providers;8.2.8. out-of-court debt recovery service providers;8.2.9. security and safety service providers;8.2.10. insurance service providers;8.2.11. postal and delivery service providers;8.2.12. audit and audit service providers;8.2.13. banks and other payment and financial service providers;8.2.14. cookie managers;8.2.15. for maintainers and service providers of online communication channels;8.2.16. secure electronic signature for verifiers;8.2.17. Your authorized persons or representatives;8.2.18. state and local government institutions;8.2.19. law enforcement authorities, courts.8.3. We may receive information about you from third parties, such as:8.3.1. cooperation partners who help Us accept payments from You;8.3.2. other medical institutions and specialists.
9. Data subject (Your) rights As a data subject, you have the following rights regarding the processing of your personal data:9.1. Access rights:9.1.1. access your personal data and receive information from the Clinic about the processing of your personal data. If the information provided in the Policy does not seem comprehensive enough to you, then using the contact information specified in point 1.2, you can request to provide information about the purposes of your personal data processing, the types of personal data and categories of recipients, the storage period of personal data, your rights regarding data processing and personal data receiving source;9.1.2. receive a free copy of your personal data processed by the Clinic. If requests for copies are manifestly unreasonable or excessive, in particular due to their regular recurrence, the Clinic may determine a reasonable fee justified by administrative costs or refuse to fulfill the request.9.2. The right to correction – if you notice inaccuracies in your personal data, you have the right to request that the Clinic correct the inaccurate data.9.3. Right to deletion – You have the right to request that the Clinic delete your personal data if:9.3.1. personal data are no longer necessary to achieve the purposes specified in the Policy;9.3.2. You withdraw your consent on the basis of which personal data was processed;9.3.3. You object to the processing in accordance with Article 21, Clause 1 of the Regulation, and the Clinic does not indicate convincing legitimate reasons for the processing that are more important than the interests, rights and freedoms of the data subject;9.3.4. personal data has been processed illegally;9.3.5. personal data must be deleted in accordance with the requirements of regulatory acts.In certain cases, the Clinic will not be able to fulfill your request to delete personal data. This applies to cases where, in accordance with regulatory enactments, the Clinic is obliged to process your personal data (e.g. to perform accounting and save information about the remuneration calculated for you). Similarly, data deletion is not possible if the processing is necessary to fulfill a task carried out in the public interest, including the public interest in the field of public health, for archiving or statistical purposes, as well as to raise, implement or defend legal claims, as well as if personal data correction or deletion is not possible without affecting the integrity of the records. Namely, in the mentioned cases, the right to request the deletion of your personal data is limited.9.4. The right to restrict the processing of personal data – You have the right to request that the Clinic restricts the processing of your personal data if:9.4.1. You believe that inaccurate data is being processed (for the time that the Clinic checks the accuracy of personal data);9.4.2. You believe that the processing is illegal, but you do not want to delete this personal data;9.4.3. The clinic no longer needs your data to achieve the specified purpose, but you need them to raise, implement or defend legal claims;9.4.4. You object to processing in accordance with Article 21, Clause 1 of the Regulation, until it has been verified whether the legitimate reasons of the Clinic are not more important than the legitimate reasons of the data subject.9.5. The right to object to processing – You have the right to object at any time to the processing of your personal data, which the Clinic has based on Article 6, Clause 1, subparagraph f) of the Regulation, i.e. legitimate interest. The clinic is entitled to continue processing your personal data if it indicates compelling legitimate reasons for processing that are more important than your interests, rights and freedoms, or to raise, exercise or defend legal claims.
9.6. The right to withdraw consent – in cases where you have given consent to the processing of certain personal data, you have the right to withdraw it at any time, however, such withdrawal of consent does not affect the legality of the processing, which is based on consent before the withdrawal. You can use Policy 1.2 to withdraw consent. specified contact information.
9.7. The right to portability – You have the right to receive your personal data, which you submitted to the Clinic, in an organized, widely used and machine-readable format (processed electronically or in information systems), and you have the right to request that the said data be sent to another manager (service provider) if this data are processed on the basis of contract or consent. The right of portability applies only to the data that you, as the data subject, have submitted to us.
9.8. The right to submit a complaint – You have the right to submit a complaint to the Clinic, as well as to the State Data Inspectorate, if you believe that the Clinic has violated your rights or has not sufficiently protected your personal data. However, before contacting the State Data Inspectorate, please contact Us or a Data Protection Specialist to find a solution if your right to personal data protection has been violated.
10. Request submission procedure10.1. To exercise all the rights mentioned in the previous paragraph, you can use the contact information of the Clinic specified in the Policy, specifying the following personal data in the request: name, surname, personal identification number, postal address (if you want to receive the answer by registered letter) or e-mail address (if you want to receive the answer by e – the postal address from which you sent the request).10.2. We invite you to submit your request in one of the following ways:10.2.1. send a free-form submission electronically to e-mail by signing an e-mail with a secure electronic signature;10.2.2. send your signed free form application by mail;10.2.3. submit a free form application signed by you in person at the address of the Clinic.
The Clinic may make changes to the Policy by posting relevant information about the changes on its website.
PRIVACY POLICY OF “CLINIC DZINTARI” Ltd. – until October 16, 2023
The objective of the privacy policy is to provide information on the purpose, amount, protection and period of data processing from a person – data subject – at the moment of obtaining the data and during the processing of the personal data of the subject.
(hereinafter all jointly – the Customers).